Allow or restrict the ability to embed content on SharePoint pages

Site collection administrators control whether users can embed content from external websites. If they don't let contributors embed content, users who try to do so will see an error message that says, “Embedding content from this website isn't allowed.”

Site level settings

Site collection admins can turn off embedding content, allow embedding content from a specific list of sites, or allow embedding from any site by changing the HTML Field Security setting in site settings. Here's how:

Browse to the root site of your site collection.

Click Settings
> Site information > View all site settings.

On the Site settings page, under Site Collection Administration, click HTML Field Security.

Select one of the following options:

Do not permit contributors to insert iframes from external domains into pages on this site to disallow the use of iFrames for all sites in the site collection.

Permit contributors to insert iframes from any external domain into pages on this site to allow the use of iFrames for all sites in the site collection and to allow data from any external website to be displayed in the iFrame. For security reasons, we do not recommend this option.

Note: When custom scripting is turned off for your site, this option applies only to the Embed web part. All other HTML fields will only allow embedding from the specified list of external domains described below. For more information on scripting, see Allow or prevent custom script.

Permit contributors to insert iframes from the following list of external domains into pages on this site to add a web domain to a list of domains whose content can be displayed in iframes in the site collection. To remove a website from the list, select it, and then click Remove.

Click OK.

SharePoint comes with a default list of web sites from which content can be displayed. You can add or remove sites in this list. The default list for newly created sites is: